Re: Curl with rsa-sha2-256, rsa-sha2-512
From: João M. S. Silva via curl-users <curl-users_at_lists.haxx.se>
Date: Mon, 15 May 2023 13:30:14 +0100
>
> > Note that above I modified curl's source code to set:
>
> > Set "rsa-sha2-256,rsa-sha2-512"
>
> I'm not sure that's the right move.
>
I have reverted it.
> Either way: a decent way to debug this would be to first use the SSH library
> alone with an example program and make sure that works, as then we know
> for sure the issue is truly in curl.
>
libssh2 seems to support it since it's using openssl as a cryptographic
library and LIBSSH2_RSA_SHA2 is defined.
But when I upload a file to itself (localhost) it now fails with:
$ curl/src/curl -v -T A -u x:y scp://localhost:/home/shared/B
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Trying 127.0.0.1:22...
* Connected to localhost (127.0.0.1) port 22 (#0)
* Found host localhost in /home/shared/.ssh/known_hosts
* Set "rsa-sha2-256,rsa-sha2-512,ssh-rsa" as SSH hostkey type
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Failure establishing ssh session: -5, Unable to exchange encryption keys
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (2) Failure establishing ssh session: -5, Unable to exchange encryption keys
However, this works:
$ scp -oHostKeyAlgorithms=rsa-sha2-256 A localhost:B
Using the ECDSA key also works.
$ grep HostKeyAlgorithms /etc/ssh/sshd_config
HostKeyAlgorithms rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
So, this must be debugged alone in libssh2 or can we get more info from
curl?
Received on 2023-05-15
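As an added example (not part of the original message, and not curl or libssh2 code), the sketch below parses the host key name-list out of an SSH_MSG_KEXINIT payload and applies the RFC 4253 selection rule to the two lists quoted in the message. It assumes sshd advertises exactly its configured HostKeyAlgorithms list and reduces the rule to "first client name the server also offers"; the payloads are constructed samples.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def build_kexinit(hostkey):
    """Constructed sample payload: only the host key name-list is filled in."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)          # type + zeroed cookie
    for field in FIELDS:
        names = ",".join(hostkey).encode() if field == "hostkey" else b""
        out += struct.pack(">I", len(names)) + names
    return out + b"\x00" + struct.pack(">I", 0)         # follows flag + reserved

def parse_kexinit(payload):
    """Return {field: [names]} from a KEXINIT payload, rejecting truncation."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated length for " + field)
        (size,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + size > len(payload):
            raise ValueError("truncated name-list for " + field)
        raw = payload[pos:pos + size].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += size
    return lists

def negotiate_hostkey(client_payload, server_payload):
    """First name in the client's list that the server also offers, or None."""
    client = parse_kexinit(client_payload)["hostkey"]
    server = parse_kexinit(server_payload)["hostkey"]
    return next((name for name in client if name in server), None)

# Lists copied from the message: curl's verbose line and sshd_config.
CURL_LIST = ["rsa-sha2-256", "rsa-sha2-512", "ssh-rsa"]
SSHD_LIST = ["rsa-sha2-256", "rsa-sha2-512", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"]

if __name__ == "__main__":
    server = build_kexinit(SSHD_LIST)
    print("curl list    :", negotiate_hostkey(build_kexinit(CURL_LIST), server))
    # Constructed case: a client that can only offer SHA-1 ssh-rsa.
    print("ssh-rsa only :", negotiate_hostkey(build_kexinit(["ssh-rsa"]), server))
```

On paper the two lists from the message agree on rsa-sha2-256, so the name-lists alone do not explain the key exchange failure; a client limited to ssh-rsa would find no match against this server.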